|
Size: 2426
Comment: small improvement how to detect gpg-agent "takeover".
|
← Revision 28 as of 2020-04-22 12:03:46 ⇥
Size: 3804
Comment: + add pennock packages for ubuntu and Debian
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 5: | Line 5: |
| Always use a current version of GnuPG Version >= 2. | Always use a current, supported version of GnuPG (which are versions >= 2.2 at 2020-04-22) |
| Line 7: | Line 7: |
| GnuPG 2.1.x is "modern", not all applications may already support the new features fully. So when in doubt, use GnuPG 2.0.x. | |
| Line 11: | Line 11: |
| gnome-keyring or seahorse may pose as gpg-agent, but known versions today (2014-11) are not fully compatible with the gpg-agent protocol. | === current versions of GnuPG https://public-packages.pennock.tech/ may provide packages that are newer than the distribution packages (read the conditions - certainly useful for testing.) === other apps posing as gpg-agent problems gnome-keyring or seahorse may pose as gpg-agent, but known versions today (2015-03) are not fully compatible with the gpg-agent protocol. |
| Line 16: | Line 23: |
| You are talking for a gpg-agent for good, if it has something with gpg-agent in it and a corresponding gpg-agent process is running. Otherwise the connection has probably been taken over. | You are talking to a gpg-agent for good, if it has something with {{{gpg-agent}}} in it and a corresponding gpg-agent process is running. Otherwise the connection has probably been taken over. |
| Line 20: | Line 28: |
| (TODO link or describe better solution, link/create reports for ubuntu and gnome) For some Details see this [[http://lists.gnupg.org/pipermail/gnupg-users/2014-September/050800.html|gnupg-users post]]. | (TODO link or describe better solution, link/create reports for ubuntu and gnome) For some Details see this [[http://lists.gnupg.org/pipermail/gnupg-users/2014-September/050800.html|gnupg-users post]]. Also see the [[GnomeKeyring|general problem with Gnome-Keyring page]]. |
| Line 23: | Line 31: |
| === current versions of GnuPG https://public-packages.pennock.tech/ may provide packages that are newer than the distribution packages (read the conditions - certainly useful for testing.) |
|
| Line 24: | Line 35: |
| === Misc | |
| Line 37: | Line 49: |
| * https://guardianproject.info/ , they have experimental builds of a GnuPG port, see https://guardianproject.info/2013/05/09/gnupg-for-android-progress-we-have-an-app/ * See APG and OpenPGP-Keychain via OtherFreeSoftwareOpenPGP |
* https://guardianproject.info/code/gnupg/ ported GnuPG to Android, see https://guardianproject.info/2013/05/09/gnupg-for-android-progress-we-have-an-app/ and integrated the changes to GnuPG upstream and supported there (e.g. [[https://lists.gnupg.org/pipermail/gnupg-users/2017-October/059335.html|gnupg-users@ 2017-10]]). The app itself used to be available from [[https://f-droid.org/wiki/page/info.guardianproject.gpg|Fdroid]] but is now looking for a new maintainer (last checked 2018-01-04). * For a different implementation see OpenPGP-Keychain via OtherFreeSoftwareOpenPGP * The 2016 study [[https://wiki.gnupg.org/Gpg4all2015?highlight=(OpenPGP%20auf%20Android)|Nutzung von OpenPGP auf Android]] (in German) offers a more detailed look at the available options on Android at that time. |
| Line 42: | Line 56: |
| * https://webpg.org/ , successor of FireGPG * See users of openpgp.js via OtherFreeSoftwareOpenPGP |
* https://webpg.org/ , successor of ~FireGPG. //provides an interface to GnuPG by way of an [[https://en.wikipedia.org/wiki/NPAPI|NPAPI]] plugin// * For different implementations see users of openpgp.js via OtherFreeSoftwareOpenPGP |
| Line 45: | Line 59: |
| * The 2016 study [[https://wiki.gnupg.org/Gpg4all2015?highlight=(OpenPGP%20in%20Webanwendungen)|Nutzung von OpenPGP in Webanwendungen]] (in German) offers a more detailed look at the available options for web applications at that time. |
Notes for GnuPG users on several platforms
General Remarks
Always use a current, supported version of GnuPG (which are versions >= 2.2 at 2020-04-22) (There are only a few rare exceptions to this rule.)
Ubuntu
current versions of GnuPG
https://public-packages.pennock.tech/ may provide packages that are newer than the distribution packages (read the conditions - certainly useful for testing.)
other apps posing as gpg-agent problems
gnome-keyring or seahorse may pose as gpg-agent, but known versions today (2015-03) are not fully compatible with the gpg-agent protocol. So applications may show errors or cannot work when they believe they are talking to gpg-agent and try to use its features. Examples: ERR 280 not implemented or a protocol error in the Kleopatra self-tests.
You can detect the situation with GnuPG 2.0.x when checking the environment variable on a shell like echo $GPG_AGENT_INFO. You are talking to a gpg-agent for good, if it has something with gpg-agent in it and a corresponding gpg-agent process is running. Otherwise the connection has probably been taken over.
Solution: Disable gnome-keyring, some hints on how to disable it are within the notes on how to use gpg-agent with ssh (you need only the disable part, not the ssh part) or here.
(TODO link or describe better solution, link/create reports for ubuntu and gnome) For some Details see this gnupg-users post. Also see the general problem with Gnome-Keyring page.
Debian
current versions of GnuPG
https://public-packages.pennock.tech/ may provide packages that are newer than the distribution packages (read the conditions - certainly useful for testing.)
Misc
Note that the gnupg2 Package may search for files in paths that differ from the paths of a vanilla build and what its written in the documentation.
E.g: The gpgsm[2.0.19-2+deb7u1] in Wheezy looks in /etc/gnupg2/trustlist.txt but the docs differ (Debian defect #725804).
Mac OS X
Android
- https://guardianproject.info/code/gnupg/ ported GnuPG to Android, see https://guardianproject.info/2013/05/09/gnupg-for-android-progress-we-have-an-app/ and integrated the changes to GnuPG upstream and supported there (e.g. gnupg-users@ 2017-10). The app itself used to be available from Fdroid but is now looking for a new maintainer (last checked 2018-01-04).
- For a different implementation see OpenPGP-Keychain via OtherFreeSoftwareOpenPGP
- The 2016 study Nutzung von OpenPGP auf Android (in German) offers a more detailed look at the available options on Android at that time.
Webbrowser
- https://webpg.org/ , successor of FireGPG. provides an interface to GnuPG by way of an NPAPI plugin
- For different implementations see users of openpgp.js via OtherFreeSoftwareOpenPGP
- http://thinkst.com/tools/cr-gpg/ a Chromium extension. TODO: License ? alpha, last activity 2012
- The 2016 study Nutzung von OpenPGP in Webanwendungen (in German) offers a more detailed look at the available options for web applications at that time.